Sr. Security Service Manager, Application Security
Top Benefits
About the role
We’re building a relationship-oriented bank for the modern world. We need talented, passionate professionals who are dedicated to doing what’s right for our clients.
At CIBC, we embrace your strengths and your ambitions, so you are empowered at work. Our team members have what they need to make a meaningful impact and are truly valued for who they are and what they contribute.
To learn more about CIBC, please visit
CIBC.com
What you’ll be doing
As a Senior Security Service Manager, Application Security, you will play a pivotal role in advancing CIBC’s enterprise-wide Application Security program. Your primary focus will be on strengthening security testing capabilities, ensuring that security and protection are integrated throughout the lifecycle of all applications and data across the enterprise. Your efforts will directly contribute to safeguarding our clients, employees, and the bank, while supporting CIBC’s commitment to flexible and empowering work environment.
At CIBC we enable the work environment most optimal for you to thrive in your role. You’ll have the flexibility to manage your work activities within a hybrid work arrangement where you’ll spend 1-3 days per week on-site, while other days will be remote.
How you’ll succeed
- Strategic Leadership and Governance – You will drive the creation and ongoing refinement of the Application Security strategy, with a particular emphasis on advancing security testing methodologies and tools. This role requires strong cross-functional collaboration to gather requirements, develop business cases and lead projects, including proof of concepts, in the capacity of a product owner. A continuous improvement mindset is essential, as you will be responsible for identifying and implementing opportunities to enhance both security testing processes and operational efficiency within the domain.
- Security Testing and Assessment – You will oversee the implementation, management, and continuous improvement of security testing services, such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA). You will measure and report on the effectiveness of these activities to ensure comprehensive coverage and timely remediation of identified vulnerabilities. Additionally, you will conduct regular reviews and analysis of testing results, trends, and emerging threats, using these insights to inform and strengthen risk mitigation strategies.
- Communication and Advocacy – You will prepare and delivery clear, compelling documentation and presentations to executive leadership, effectively articulating the value and necessity of security testing initiatives. You will also drive awareness and provide training to application development teams, ensuring they understand the importance and effective use of security testing tools and processes. Your role will include evaluating business needs against current and emerging risks and providing actionable recommendations to strengthen the organization’s security posture.
- Advisory and Relationship Management – You will act as a trusted advisor to application development, operations, and infrastructure teams, guiding them to integrate security testing into their workflows and prioritize remediation efforts based on risk. You will oversee the identification, assessment and management of security risks and design flaws in key applications, offering practical and prioritized solutions. Staying current with the evolving threat landscape and cultivating partnerships with industry peers and vendors will be essential to ensuring CIBC remains at the forefront of application security.
Who You Are
- You can demonstrate experience in Application Security, Vulnerability Management, and data security standards and best practices. You bring senior-level experience in application security, such as managing SAST, SCA, DAST, or similar security services. You can demonstrate experience in dynamic and static application security testing, penetration testing, DevSecOps, web application firewalls, runtime protection, mobile application security, and broader threat and vulnerability management capabilities.
- You are a certified professional and it is considered an asset if you hold a CISSP, CISA, or CISM designation in good standing.
- You're passionate about people. You find meaning in relationships and surround yourself with a diverse network of partners. You connect with others through respect and authenticity.
- You give meaning to data. You enjoy investigating complex problems and making sense of information. You communicate detailed information in a meaningful way.
- You know that details matter. You notice things that others don't. Your critical thinking skills help to inform your decision making.
- You embrace and champion change, continually evolving your approach to deliver your best work.
- Values matter to you. You bring your real self to work and you live our values – trust, teamwork, and accountability.
#LI-TA
What CIBC Offers
At CIBC, your goals are a priority. We start with your strengths and ambitions as an employee and strive to create opportunities to tap into your potential. We aspire to give you a career, rather than just a paycheck.
-
We work to recognize you in meaningful, personalized ways including a competitive salary, incentive pay, banking benefits, a benefits program*, defined benefit pension plan*, an employee share purchase plan, a vacation offering, wellbeing support, and MomentMakers, our social, points-based recognition program.
-
Our spaces and technological toolkit will make it simple to bring together great minds to create innovative solutions that make a difference for our clients.
-
We cultivate a culture where you can express your ambition through initiatives like Purpose Day; a paid day off dedicated for you to use to invest in your growth and development.
-
Subject to plan and program terms and conditions
What you need to know
-
CIBC is committed to creating an inclusive environment where all team members and clients feel like they belong. We seek applicants with a wide range of abilities and we provide an accessible candidate experience. If you need accommodation, please contact
-
You need to be legally eligible to work at the location(s) specified above and, where applicable, must have a valid work or study permit.
-
We may ask you to complete an attribute-based assessment and other skills tests (such as simulation, coding, French proficiency, MS Office). Our goal for the application process is to get to know more about you, all that you have to offer, and give you the opportunity to learn more about us.
Job Location
Toronto-81 Bay, 18th Floor
Employment Type
Regular
Weekly Hours
37.5
Skills
Analytical Thinking, Application Security, Application Security Testing, Collaboration, Communication, Continual Improvement Process, Continuous Improvement, Critical Thinking, Dynamic Application Security Testing (DAST), Group Problem Solving, Information Security, Network Operations, Security Operations, Security Risk Assessment, Security Service, Security Standards, Security Strategy, Security Testing, Static Application Security Testing (SAST), Teamwork, Technical Knowledge, Vulnerability Management
About CIBC
CIBC is here to help all our clients reach their goals.
We know the importance of reliable financial products and services, and we’re dedicated to providing them in a way that lets you bank however you want, whenever you want.
With innovative tools designed around your priorities and a team fully focused on your success, you’ll get the insights you need to get even closer to achieving your goals.
This culture of innovation and shared values of trust, teamwork and accountability are why we’ve been named a top employer in Canada. They’re also why a career at CIBC is more than a job—it’s an opportunity to grow and work alongside some of the brightest in Canada.
La Banque CIBC est là pour aider tous nos clients à atteindre leurs objectifs.
Nous connaissons l'importance de produits et services financiers fiables, et nous nous engageons à les fournir d'une manière qui vous permette d'effectuer vos opérations bancaires comme vous le souhaitez, quand vous le souhaitez.
Avec des outils innovants conçus autour de vos priorités et une équipe entièrement centrée sur votre réussite, vous obtiendrez les informations dont vous avez besoin pour vous rapprocher encore plus de vos objectifs.
Cette culture de l'innovation et les valeurs partagées de confiance, de travail d'équipe et de responsabilité sont la raison pour laquelle nous avons été nommés l'un des meilleurs employeurs au Canada. C'est aussi pourquoi une carrière à la Banque CIBC est plus qu'un emploi : c'est une occasion de grandir et de travailler aux côtés de certaines des personnes plus brillantes au Canada.
Sr. Security Service Manager, Application Security
Top Benefits
About the role
We’re building a relationship-oriented bank for the modern world. We need talented, passionate professionals who are dedicated to doing what’s right for our clients.
At CIBC, we embrace your strengths and your ambitions, so you are empowered at work. Our team members have what they need to make a meaningful impact and are truly valued for who they are and what they contribute.
To learn more about CIBC, please visit
CIBC.com
What you’ll be doing
As a Senior Security Service Manager, Application Security, you will play a pivotal role in advancing CIBC’s enterprise-wide Application Security program. Your primary focus will be on strengthening security testing capabilities, ensuring that security and protection are integrated throughout the lifecycle of all applications and data across the enterprise. Your efforts will directly contribute to safeguarding our clients, employees, and the bank, while supporting CIBC’s commitment to flexible and empowering work environment.
At CIBC we enable the work environment most optimal for you to thrive in your role. You’ll have the flexibility to manage your work activities within a hybrid work arrangement where you’ll spend 1-3 days per week on-site, while other days will be remote.
How you’ll succeed
- Strategic Leadership and Governance – You will drive the creation and ongoing refinement of the Application Security strategy, with a particular emphasis on advancing security testing methodologies and tools. This role requires strong cross-functional collaboration to gather requirements, develop business cases and lead projects, including proof of concepts, in the capacity of a product owner. A continuous improvement mindset is essential, as you will be responsible for identifying and implementing opportunities to enhance both security testing processes and operational efficiency within the domain.
- Security Testing and Assessment – You will oversee the implementation, management, and continuous improvement of security testing services, such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA). You will measure and report on the effectiveness of these activities to ensure comprehensive coverage and timely remediation of identified vulnerabilities. Additionally, you will conduct regular reviews and analysis of testing results, trends, and emerging threats, using these insights to inform and strengthen risk mitigation strategies.
- Communication and Advocacy – You will prepare and delivery clear, compelling documentation and presentations to executive leadership, effectively articulating the value and necessity of security testing initiatives. You will also drive awareness and provide training to application development teams, ensuring they understand the importance and effective use of security testing tools and processes. Your role will include evaluating business needs against current and emerging risks and providing actionable recommendations to strengthen the organization’s security posture.
- Advisory and Relationship Management – You will act as a trusted advisor to application development, operations, and infrastructure teams, guiding them to integrate security testing into their workflows and prioritize remediation efforts based on risk. You will oversee the identification, assessment and management of security risks and design flaws in key applications, offering practical and prioritized solutions. Staying current with the evolving threat landscape and cultivating partnerships with industry peers and vendors will be essential to ensuring CIBC remains at the forefront of application security.
Who You Are
- You can demonstrate experience in Application Security, Vulnerability Management, and data security standards and best practices. You bring senior-level experience in application security, such as managing SAST, SCA, DAST, or similar security services. You can demonstrate experience in dynamic and static application security testing, penetration testing, DevSecOps, web application firewalls, runtime protection, mobile application security, and broader threat and vulnerability management capabilities.
- You are a certified professional and it is considered an asset if you hold a CISSP, CISA, or CISM designation in good standing.
- You're passionate about people. You find meaning in relationships and surround yourself with a diverse network of partners. You connect with others through respect and authenticity.
- You give meaning to data. You enjoy investigating complex problems and making sense of information. You communicate detailed information in a meaningful way.
- You know that details matter. You notice things that others don't. Your critical thinking skills help to inform your decision making.
- You embrace and champion change, continually evolving your approach to deliver your best work.
- Values matter to you. You bring your real self to work and you live our values – trust, teamwork, and accountability.
#LI-TA
What CIBC Offers
At CIBC, your goals are a priority. We start with your strengths and ambitions as an employee and strive to create opportunities to tap into your potential. We aspire to give you a career, rather than just a paycheck.
-
We work to recognize you in meaningful, personalized ways including a competitive salary, incentive pay, banking benefits, a benefits program*, defined benefit pension plan*, an employee share purchase plan, a vacation offering, wellbeing support, and MomentMakers, our social, points-based recognition program.
-
Our spaces and technological toolkit will make it simple to bring together great minds to create innovative solutions that make a difference for our clients.
-
We cultivate a culture where you can express your ambition through initiatives like Purpose Day; a paid day off dedicated for you to use to invest in your growth and development.
-
Subject to plan and program terms and conditions
What you need to know
-
CIBC is committed to creating an inclusive environment where all team members and clients feel like they belong. We seek applicants with a wide range of abilities and we provide an accessible candidate experience. If you need accommodation, please contact
-
You need to be legally eligible to work at the location(s) specified above and, where applicable, must have a valid work or study permit.
-
We may ask you to complete an attribute-based assessment and other skills tests (such as simulation, coding, French proficiency, MS Office). Our goal for the application process is to get to know more about you, all that you have to offer, and give you the opportunity to learn more about us.
Job Location
Toronto-81 Bay, 18th Floor
Employment Type
Regular
Weekly Hours
37.5
Skills
Analytical Thinking, Application Security, Application Security Testing, Collaboration, Communication, Continual Improvement Process, Continuous Improvement, Critical Thinking, Dynamic Application Security Testing (DAST), Group Problem Solving, Information Security, Network Operations, Security Operations, Security Risk Assessment, Security Service, Security Standards, Security Strategy, Security Testing, Static Application Security Testing (SAST), Teamwork, Technical Knowledge, Vulnerability Management
About CIBC
CIBC is here to help all our clients reach their goals.
We know the importance of reliable financial products and services, and we’re dedicated to providing them in a way that lets you bank however you want, whenever you want.
With innovative tools designed around your priorities and a team fully focused on your success, you’ll get the insights you need to get even closer to achieving your goals.
This culture of innovation and shared values of trust, teamwork and accountability are why we’ve been named a top employer in Canada. They’re also why a career at CIBC is more than a job—it’s an opportunity to grow and work alongside some of the brightest in Canada.
La Banque CIBC est là pour aider tous nos clients à atteindre leurs objectifs.
Nous connaissons l'importance de produits et services financiers fiables, et nous nous engageons à les fournir d'une manière qui vous permette d'effectuer vos opérations bancaires comme vous le souhaitez, quand vous le souhaitez.
Avec des outils innovants conçus autour de vos priorités et une équipe entièrement centrée sur votre réussite, vous obtiendrez les informations dont vous avez besoin pour vous rapprocher encore plus de vos objectifs.
Cette culture de l'innovation et les valeurs partagées de confiance, de travail d'équipe et de responsabilité sont la raison pour laquelle nous avons été nommés l'un des meilleurs employeurs au Canada. C'est aussi pourquoi une carrière à la Banque CIBC est plus qu'un emploi : c'est une occasion de grandir et de travailler aux côtés de certaines des personnes plus brillantes au Canada.